Iframe Usage in Forge Jira Custom UI’s

Mockplus · June 3, 2021, 9:42am

Iframe Usage in Forge Jira Custom UI’s,But it reminds me of the CSP problem, is there any solution for this?
error:Refused to frame ‘https://****.io/’ because it violates the following Content Security Policy directive: “default-src ‘self’”. Note that ‘frame-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
I need to embed an iframe in the jira app.

dmorrow · June 3, 2021, 10:24am

Hi @Mockplus ,

Are you following the Custom UI guidance? Is any of this not working for you? The intention of Custom UI is that Forge hosts the app’s iframe - it’s not designed for iframes hosted externally.

Regards,
Dugald

robertbrower · January 31, 2024, 8:42am

Hello Dugald. I have the same problem when trying to add the issue collector to our Custom UI app following these instructions:

The browser console errors:

Refused to frame [address removed] because it violates the following Content Security Policy directive: “frame-src ‘self’”.

com.atlassian.jira.collector.plugin.jira-issue-collector-plugin:issuecollector.js?locale=en-US&collectorId=4479e78b:9428 Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘[address removed]’) does not match the recipient window’s origin (‘null’).

Do you know how to fix this?

Thanks.

RB

robertbrower · January 31, 2024, 9:06am

Solved:

permissions:
  external:
    frames:
        - [insert your atlassian url here]